1. They are vey different. Those who arent aware of the large differences shouldn't comment as if they are they are subject experts. Telegram might be full of holes but it is a very different thing to Slack. (I use both for different things.)
2. I have my own issues with Telegram (the refusal to introduce sustainable funding, pushing of crypto currencies, possibly also marketing it as more than it is) but except that there's a lot to like about it and I think it is a decent starting point if someone with strong cryptographic skills wants to start with a decent client and go ahead to provide something better (either introduce e2e-encryption or improve, document and provide some way to verify the current solution.)
This is getting tiresome and I don't think I'll move ryanlol, but for everyone else:
One big difference between slack and Telegram is that Slack can and will give my data to the administrator at work if they ask for it.
ryanlol seems to be thinking only about the last hop from their data center to the device. In practice security is about a whole lot more than just checking of the coolest boxes: WhatsApp for example has had e2e encryption for a while now all while uploading every last message of every conversation to datacenters that are easily accessible for anyone with an American subpoena.
That is totally OK, I'm posting this from my old account and I don't have anything to hide from American authorities but hardly compatible with what certain people here think that just because something is e2e encrypted then it safe and good.
So why is Telegram bulletproof. That was a trick question : it isn't. But we should stick to the facts instead of trying to tear down a strawman.
Re the rest of ryanlols post: as I've mentioned before most people here don't understand Russian, yet ryanlol keep posting old Russian posts. I don't know why.
>The big difference between slack and Telegram is that Slack can easily give my data to the administrator at work if they ask for it.
Sure, that's perfectly fair. With Slack you have to trust Slack and the admins of your workspace (which could very well be you!), with Telegram you have to trust Telegram but don't get workspaces.
>Re the rest of your post: as I've mentioned begore most people here don't understand Russian, yet you keep posting old Russian posts.
It's hardly unreasonable to assume that people in 2019 have access to translation software, I also think it'd be presumptuous to directly link to a machine translated version.
> With Slack you have to trust Slack and the admins of your workspace (which could very well be you!), with Telegram you have to trust Telegram but don't get workspaces.
Small modification:
With Slack you have to trust the admins (which is most often not you) as well as Slack.
With Telegram you have to trust Telegram.
I trust none of them much but there's still a difference. Also as far as I am aware Slack has never ever pointed out if they encrypt their data at rest which leads me to guess that they don't do it.
E2E encryption is kind of a fucky thing, some suggest it is fundamentally impossible for central web services and even mobile / desktop apps. Basically, if there is a third party involved in the code besides Alice and Bob, the two can never guarantee E2E encryption.
Web part is simple, as there are countless ways you can get malicious code delivered from what you think is the correct, safe, web server.
Same concept applies to app store / desktop program updates, but with a slightly slower and more difficult attack prospect.
Anyways, Telegram does seem to have the best encryption of any major service, and it's what we use at my company for almost all internal communications.
>E2E encryption is kind of a fucky thing, some suggest it is fundamentally impossible for central web services and even mobile / desktop apps
"some suggest" How about you actually name some competent people who suggest this?
>Basically, if there is a third party involved in the code besides Alice and Bob, the two can never guarantee E2E encryption.
Oh, this is a downright insane, dishonest argument. Perfection is impossible, so we shouldn't even try!
>Anyways, Telegram does seem to have the best encryption of any major service, and it's what we use at my company for almost all internal communications.
Why do you think this? This is such a fundamentally ridiculous claim, I find it absolutely fascinating that someone might arrive at this conclusion.
> How about you actually name some competent people who suggest this?
As I don't remember the name of everybody I read about, it would take significant effort to go find the source.
It's much simpler to prove the concept logically:
Any time you're communicating on a service provided, programmed, and updated by at least one third party, it is fundamentally impossible to guarantee E2EE without being omniscient of what they're doing.
This is simply because the unen/decrypted data is in the software at some point in time, and the third party controls the software.
> Oh, this is a downright insane, dishonest argument. Perfection is impossible, so we shouldn't even try!
I did not say or imply this in any way, and no it is neither an insane nor dishonest argument, it's just a consequence of allowing a third party to control your data.
It's an american development by a company that refuses to release actually open software. Perhaps it's good in theory! As far as I am aware there is no open implementation of it and it is also inside a problematic regime and therefore just as suspect.
Signal clients are released aa open source as far as I am aware and mathematics doesn't care about what regime it is developed under.
You guys will normally find me defending Telegram here but the more important point is that we should stick to the facts even if they go in favor of "the other side".
I have not to date found anything that allows me to build a client myself and subsequently actually use it. Never mind the server, which is about as opaque as they come.
This isn't about Telegram advocacy, it's about how I keep reading "Signal is so good!" even though the devs have a very bad attitude to anyone asking about reproducible builds. When they are that hostile they do not earn trust, so it is mystifying to me that people seem to love them so much.
1. The man behind Telegram cannot even safely visit Russia after people with friends in high places stole his previous startup there or so the story goes.
2. As have been pointed out before, while this is really bad if true, but you are pointing to something that happened extremely early in the development of Telegram and later fixed (and as I've mentioned before you keep throwing a link to an old Russian post in a forun where most people have never read a word Russian. I'll add this time that it is almost as you don't want anyone to read it.)
>1. The man behind Telegram cannot even safely visit Russia after people with friends in high places stole his previous startup there or so the story goes.
Unfortunately the western press doesn't really care about Telegram or the Durovs so we don't really have heaps of high quality journalism to count on.
>but you are pointing to something that happened extremely early in the development of Telegram and later fixed
I'm not convinced that this is something that can be fixed. Sure, they removed the backdoor they added but does that really fix the organization?
I think it's utterly irrelevant that this backdoor was added and removed a while ago, the Telegram team hasn't significantly changed since then.
>I've mentioned before you keep throwing a link to an old Russian post in a forun where most people have never read a word Russian
I don't read Russian either, but I have no problem reading this post with google translate (or yandex translate if you'd like) and I assume that you too have access to this amazing technology.
2. I have my own issues with Telegram (the refusal to introduce sustainable funding, pushing of crypto currencies, possibly also marketing it as more than it is) but except that there's a lot to like about it and I think it is a decent starting point if someone with strong cryptographic skills wants to start with a decent client and go ahead to provide something better (either introduce e2e-encryption or improve, document and provide some way to verify the current solution.)